Did Jack Daniels thwart a ransomware attack or not?

The ransomware REvil gang, also known as Sodinokibi, claims to have organized a successful attack on the American wine and spirits giant, Brown-Forman Corp, but the company claims otherwise.

The company is the official manufacturer of Jack Daniels whiskey.

According to cyber security service provider AppGate, the famous alcoholic beverage manufacturer was the victim of an attack but refused to pay the ransom demanded by REvil. In response, the hackers put the data stolen in the attack up for sale for about $1.5 million in the „wall of shame“ section of their official darknet blog.

This ransomware has its own affiliate program

However, Brown-Forman Corp told Infosecurity-Magazine in a statement that they had managed to prevent cybercriminals from encrypting their files. This does not necessarily mean that the gang’s claim of having compromised the internal network and stolen confidential information is incorrect.

If you are a buyer, be careful
Speaking to Cointelegraph, Felipe Duarte, AppGate security researcher and author of the study, said there is no way to confirm whether the data allegedly stolen by REvil actually exists or „whether it’s just a threat.

Unfortunately, ransomware attacks requiring crypto currencies are here to stay
The only evidence the gang has revealed are screenshots posted on their darknet site of the allegedly stolen data.

Duarte confirmed that the REvil group also infiltrated three international targets in the oil and gas, insurance and consulting industries, including quest-worldwide.com in Australia, eurecat.com in France and National Western Life in the U.S.

Duarte told Cointelegraph that REvil and other hacker groups had made a significant financial gain from their model of unraveling some of the stolen data and selling the „crown jewels“ to the highest bidder.

The Spanish railway infrastructure has been threatened by ransomware

He adds that, if companies continue to pay these bailouts, these groups will be able to finance and expand their operations to additional targets exponentially faster.

Ransomware gang REvil, known also as Sodinokibi, claims to have mounted a successful attack against the U.S. wine and spirits giant, Brown-Forman Corp – but the company claims otherwise.

Rescues in Monero
Duarte said that most of the rescues are migrating from Bitcoin (BTC) to other cryptosystems such as Monero (XMR). „Sodinokibi used Bitcoin until 2019, this year they started accepting only Monero (XMR) for ransom payments and stolen data auctions,“ he said.

„Monero seems to be the main option for most of the new attacks, as it is significantly more difficult to track than Bitcoin. We would expect to see governments and others pay attention to improving their tracking of this currency, as they have done with Ethereum Code, as these attacks on critical infrastructure companies grow.

Recently, REvil stole more than 800 GB of data from ADIF, the Spanish state-owned railway infrastructure manager, after a successful attack on its systems.